KelpDAO Incident Statement
2026-04-20 • LayerZero
KelpDAO’s April 18, 2026 exploit involved about $290 million in losses and is described as likely attributable to DPRK’s Lazarus Group, specifically TraderTraitor. The incident was isolated to KelpDAO’s rsETH configuration because it used a 1-of-1 LayerZero Labs DVN setup, leaving no independent verifier to reject a forged message. The attacker reportedly poisoned downstream RPC infrastructure by compromising two independent RPC nodes, replacing op-geth binaries, and using DDoS against uncompromised RPCs to force failover to the malicious nodes. LayerZero says the malicious RPC presented forged transaction data only to the DVN while responding normally to other requesters, then attempted to self-destruct by disabling RPCs and deleting logs/configuration. The case matters because it frames RPC infrastructure manipulation and single-verifier bridge configurations as a practical state-sponsored attack path rather than a protocol-level LayerZero vulnerability.
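The failure mode described above, modeled as an added example (not LayerZero or KelpDAO code): a verifier that fails over to a poisoned RPC attests to forged data, and only a second verifier on independent infrastructure causes the message to be rejected. All class and function names, the verifier labels and the hashed payloads are hypothetical and constructed for illustration.

```python
import hashlib

def h(payload: bytes) -> str:
    return hashlib.sha256(payload).hexdigest()

# Constructed sample values, not data from the incident.
HONEST = h(b"constructed: real source-chain state")
FORGED = h(b"constructed: forged cross-chain message")

class HonestRpc:
    def packet_hash(self, requester):
        return HONEST

class DownRpc:  # stands in for an uncompromised node knocked out by DDoS
    def packet_hash(self, requester):
        raise ConnectionError("unreachable")

class PoisonedRpc:  # forged data for one requester, normal answers for all others
    def __init__(self, target):
        self.target = target
    def packet_hash(self, requester):
        return FORGED if requester == self.target else HONEST

def attest(verifier, rpcs):
    """Hypothetical verifier: walk its RPC list, attest to the first answer."""
    for rpc in rpcs:
        try:
            return rpc.packet_hash(verifier)
        except ConnectionError:
            continue  # failover to the next endpoint
    return None

def accept(attestations, required):
    """Accept only if `required` verifiers attested and all of them agree."""
    seen = [a for a in attestations if a is not None]
    if len(seen) < required or len(set(seen)) != 1:
        return None
    return seen[0]

def scenario(verifiers):
    rpc_sets = {
        "verifier-a": [DownRpc(), PoisonedRpc("verifier-a")],
        "verifier-b": [HonestRpc()],  # independent infrastructure
    }
    return accept([attest(v, rpc_sets[v]) for v in verifiers], len(verifiers))

if __name__ == "__main__":
    print("1-of-1 forged accepted:", scenario(["verifier-a"]) == FORGED)
    print("2-of-2 rejected:", scenario(["verifier-a", "verifier-b"]) is None)
```

Because the poisoned node answers every other requester normally, an outside monitor querying it sees nothing wrong; the disagreement only surfaces when a second verifier's attestation is required.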